Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Forwarded mail....

From: Kaneda Akira <k_aneda () yahoo com>
Date: Fri, 23 Nov 2001 08:05:13 +1100 (EST)
Perhaps a new way of submitting advisories is in order, a online form that
could help you submit it the right way (and perhaps show if it has been
submitted before [simple search])...?

---
Kaneda Akira
ICQ#49107701
Email: k_aneda () yahoo com
Mobile: 0418 445 821 (Australia only)
--
Remember kids, it's all just questionably tasteful fun.
--
That's why we spend so much time trying to understand our own
motivations and those of others.  That's what makes life so
interesting.
    -- Kaji, Evangelion Ep 18
--
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and i'm
not even too sure about that one"--Dennis Huges, FBI.

On Thu, 22 Nov 2001, Paul Rogers wrote:


Date: Thu, 22 Nov 2001 09:57:39 +0000 (GMT)
From: Paul Rogers <airwofl () flumps org>
To: focus-ms () securityfocus com, incidents () securityfocus com
Cc: vuln-dev () securityfocus com
Subject: Forwarded mail....

I have to say, what is the point? Is this a hoax or not, because it
seems strange that it didn't go to Bugtraq or VulnWatch? If it isn't
then how is everyone that works with in IT supposed to know if this is
true and what conditions cause it to occur?

You are only pampering to the wants of the big boys (or gals) and you
will make life for IT staff employed by their own company to secure their
systems / networks impossible, which may lead to:

-> non-requirement for internal IT Security ppl
-> requirement for external security company
-> decrease in efficiency and understanding of the business risks
associated with security
-> possibly a lower level of security within organisations
-> bigger bank accounts for the big IT Security players only
-> which *could* lead to monopoly conditons

So we all sit here for 60 days vulnerable to "something" not knowing what
it is, what functionality the registry key mentioned offers users and
hence what functionality will be broken by the modification - really
useful for people who need to roll out security changes quickly.

Me two-penneth worth.

Cheers,

Paul Rogers,
Information Security Consultant.
Previous By Date Next
Previous By Thread Next

Current thread: